from the not-so-free-markets dept

If you remember a few years ago, there was ample hysteria and hand-wringing in Congress regarding Huawei's plan to compete in the American cell phone and network hardware business. But despite near-constant claims by certain lawmakers that Huawei was an intelligence proxy for the Chinese government, numerous, multi-year investigations found absolutely no evidence to support this conclusion. That of course didn't stop certain parties from repeatedly insisting that Huawei was a Chinese government spy, since we all know that in the post-truth era, what your gut tells you is more important than empirical evidence.

Never mind that almost all U.S. network gear is made in (or comprised of parts made in) China. Never mind that obviously NSA allegations show the United States spies on almost everyone, constantly. Never mind that reports have emerged that a lot of the spy allegations originate with Huawei competitor Cisco, which was simply concerned with the added competition. Huawei is a spy. We're sure of it. And covert network snooping is bad. When China does it.

Fast forward to this week. A new report in the Wall Street Journal indicates that AT&T and Huawei were about to announce a new cellphone sales partnership at CES. While Huawei phones are available unlocked in the States (and Huawei has helped Google build its own smartphones already), the deal would have marked the first major partnership between the company and a major cellular provider. But the deal was scrapped at the last second for reasons neither company wanted to disclose to the Journal:

"It was unclear why AT&T, the country’s No. 2 carrier by subscribers, changed its mind. An AT&T spokesman declined to comment. A Huawei spokesman declined to comment on conversations with AT&T, saying only that “Huawei has proven itself by delivering premium devices with integrity globally and in the U.S. market."

A paywalled report over at the Information appears to offer the real reason for the last-minute scuttling of the partnership: namely a letter sent to the Trump FCC by members of the Senate and House Intelligence Committees again claiming that Huawei is a spy for the Chinese government:

Huawei's U.S. smartphone deal with AT&T was killed just days ago due to political pressure, according to a person close to the deal. pic.twitter.com/elQennsmWW

While it's certainly not impossible that Huawei is aiding Chinese government surveillance, the fact remains that there have been numerous, lengthy investigations into this claim (one of which was eighteen months long), none of which have actually resulted in the slightest bit of evidence proving the allegations. And again, what has been proven so far is that lobbyists for companies like Cisco have spent ample time pouring fire on these concerns in the minds of cash-compromised lawmakers, simply because they don't want to have to face another deep-pocketed competitor in the US hardware market.

That is, as some guy named Mike Masnick noted on Twitter, something we've long enjoyed criticizing China for:

And then American companies complain when China blocks competition from American firms... And just watch as China points to this case as evidence for why America does the same thing. https://t.co/e7pRlacZf7

AT&T, no stranger to domestic spying (bone grafted as it is to the United States own intelligence-gathering aparatus) may have been willing to kill the deal out of blind "patriotism" or the belief it could help gain regulatory approval for the company's $86 billion acquisition of Time Warner (currently being challenged by the DOJ in court). Nobody in this chain has much in the way of integrity or a history of truth-telling, and until evidence emerges that Huawei is the nefarious spymaster allegations have long alleged, a dash of skepticism seems warranted.

from the good-luck-out-there dept

At the beginning of this week, reports emerged that Avast, owner of the popular CCleaner software, had been hacked. Initial investigations by security researchers at Cisco Talos discovered that the intruder not only compromised Avast's servers, but managed to embed both a backdoor and "a multi-stage malware payload" that rode on top of the installation of CCleaner. That infected software -- traditionally designed to help scrub PCs of cookies and other tracking software and malware -- was subsequently distributed by Avast to 700,000 customers (initially, that number was thought to be 2.27 million).

And while that's all notably terrible, it appears initial reports dramatically under-stated both the scope and the damage done by the hack. Initially, news reports and statements by Avast insisted that the hackers weren't able to "do any harm" because the second, multi-stage malware payload was never effectively delivered. But subsequent reports by both Avast and Cisco Talos researchers indicate this payload was effectively delivered -- with the express goal of gaining access to the servers and networks of at least 18 technology giants, including Intel, Google, Microsoft, Akamai, Samsung, Sony, VMware, HTC, Linksys, D-Link and Cisco itself.

Cisco's researchers say they obtained a copy of the hackers' command-and-control server from an unnamed source. That server contained detailed logs of the 700,000 or so computers that had "phoned home" to the hackers earlier this month. Subsequent investigation has concluded that the hackers didn't really care about most of the infected customers, and that this may have been a sophisticated state-sponsored attack specifically designed access and copy internal information and trade secrets from major tech firms:

"That target list presents a new wrinkle in the unfolding analysis of the CCleaner attack, one that shifts it from what might have otherwise been a run-of-the-mill mass cybercrime scheme to a potentially state-sponsored spying operation that cast a wide net, and then filtered it for specific tech-industry victims. Cisco and security firm Kaspersky have both pointed out that the malware element in the tainted version of CCleaner shares some code with a sophisticated hacking group known as Group 72, or Axiom, which security firm Novetta named a Chinese government operation in 2015."

One configuration file on the attackers' server was also set for China's time zone, though of course neither of these are enough solid evidence to definitively conclude state-sponsored involvement... yet. In an updated post to its website, Avast has been forced to concede that their initial claim that the second, multi-staged payload was never delivered was false, and that the total number of compromised machines at these targeted companies is "at least in the order of hundreds":

"First of all, analysis of the data from the CnC server has proven that this was an APT (Advanced Persistent Threat) programmed to deliver the 2nd stage payload to select users. Specifically, the server logs indicated 20 machines in a total of 8 organizations to which the 2nd stage payload was sent, but given that the logs were only collected for little over three days, the actual number of computers that received the 2nd stage payload was likely at least in the order of hundreds. This is a change from our previous statement, in which we said that to the best of our knowledge, the 2nd stage payload never delivered."

Cisco also warned impacted tech companies that deleting the software itself off of infected PCs is no guarantee that the threat has been mitigated, since the payload may have installed a second payload on their networks with its own, still-active command and control server. Like previous attacks of this type, the reported scope of the sophisticated attack is likely to only grow as researchers dig deeper.

As several outlets were quick to correctly note the attack on CCleaner highlights a supply-side security problem at a growing number of software companies like Ukrainian accounting software MeDoc and South Korea-based firm Netsarang, which both passed on malware to trusting clients in the last few months. Traditionally we've comforted ourselves by insisting we're safe if we just avoid untrusted app stores, dubious attachments, or questionable links -- but this attack further up the software supply chain erodes public trust, which could deter users from using or updating essential protection.

from the friends-like-these dept

Both Oracle and Cisco (not coincidentally major ISP vendors) have come out in full-throated support of the FCC's plan to kill net neutrality. FCC boss Ajit Pai has been making the rounds the last few weeks in Silicon Valley and elsewhere, trying to drum up support of his attack on broadband consumer protections. Pai met with Cisco, Oracle, Facebook and Apple in a number of recent meetings, but so far only Oracle and Cisco have been willing to enthusiastically and publicly throw their corporate fealty behind Pai's extremely-unpopular policies.

"From our perspective as a Silicon Valley technology company, what should have been a purely technological discussion of managing traffic on internet networks has inexplicably evolved into a highly political hyperbolic battle, substantially removed from technical, economic, and consumer reality. Further, the stifling open internet regulations and broadband classification that the FCC put in place in 2015 – for just one aspect of the internet ecosystem – threw out both the technological consensus and the certainty needed for jobs and investment."

If you're playing along at home, you should, by now, realize this is bullshit. Once again, public SEC filings, earnings reports, and ISP executive statements contradict this claim. Killing net neutrality and broadband privacy protections is about one thing: letting giant incumbent ISPs make more money by abusing the lack of competition in the broadband last mile. And while that's good for ISP vendors like Oracle, that's not so great for the smaller companies that need a healthy, level playing field to do business. That's why over 800 startups have come out in opposition to the FCC plan.

Like Oracle, Cisco was similarly eager to ignore the vast negative repercussions of the FCC's plan in a statement over at the company's website. In its statement, Cisco also falsely claims that net neutrality stifled investment:

"The proposal will review what is needed to protect consumers and prevent anti-competitive behavior, while rolling back Title II reclassification, which has inhibited investment. The balanced approach Commissioner Pai unveiled will encourage new investments in broadband networks and speed the development of innovative services, including Internet of Things technologies, telemedicine, distance learning, emergency services, and mobile 5G."

As we've noted, Pai's "balanced approach" involves first gutting all FCC authority over broadband, then shoveling the remaining, paltry authority back over to an already limited FTC authority that AT&T lawyers have demostrated they're able to tap dance around. Both Cisco and Oracle are well aware that the goal here isn't "balanced" regulations or "protecting consumers"; the goal is to turn a blind eye to the lack of competition in the broadband space (a disease for which neutrality violations are just one symptom) for the sole benefit of their clients at AT&T, Comcast, Verizon and Charter.

Oracle and Cisco's vocal support of the killing of net neutrality comes as former net neutrality supporters like Netflix and Google have remained notably silent this go-round. Contrary to some media narratives, Google hasn't really been a vocal net neutrality supporter since 2010, and its interest in protecting an open internet has waned exponentially after launching an ISP (Google Fiber) and jumping into wireless. Netflix has similarly toned down its rhetoric to aid its lobbying under the Trump administration, while shifting its overall focus toward international expansion.

That has left startups, consumers, smaller companies (like Roku and Mozilla) under-funded and under-gunned as they fight to keep the internet resembling something vaguely like a level playing field.

from the we-didn't-put-the-accents-in-the-title,-since-they-break-some-rss-readers dept

While the Oracle/Google case tends to get most of the attention when people talk about the copyrighting of interfaces, there was another big "interfaces on trial" case that just completed between Cisco and Arista Networks. Cisco insisted that Arista was infringing on its Command Line Interface (CLI) by using some of the same commands that Cisco equipment used. Arista responded by pointing out that a command line interface is hardly unique, and Cisco itself had been pushing the command line interface as an industry standard, and also that this whole lawsuit was just silly (they didn't quite put it in those terms, but...). Like the Oracle/Google case, this one had a patent issue attached at the hip, which got tossed off early on. That matters, because it means that the inevitable appeal will go up through CAFC, the appeals court that specializes in mucking up patent law. CAFC infamously took its "mucking up patent" skills to copyright law a few years back, in the Oracle/Google case when it decided that APIs were copyright-eligible subject matter, upending years of common wisdom, legal precedent and the clear text of the Copyright Act about interfaces.

Of course, in the Oracle/Google case, after CAFC's disastrous decision, Google still came out ahead (so far) when a jury decided that its copying of the APIs was "fair use." In the Cisco/Arista case that just concluded, the jury went in a slightly different direction. It rejected the fair use argument, but still said the work wasn't infringing, because of the scènes à faire doctrine, which is one of those few copyright legal doctrines experts will throw in (along with "de minimis" when reminding people that fair use is not the only exception to copyright). The basis of scènes à faire is that it's something within the work where there are only a very small number of ways to do something, and thus, it's quite likely that multiple parties will do the same thing, meaning that any copyright will be greatly limited. Scènes à faire is French for "scenes that must be done."

In other words, the jury more or less said that using the command line interface was so basic to the operation of this kind of equipment, that it would be ridiculous to expect each vendor to come up with something different. Unfortunately, the jury didn't see the use as fair use, which Cisco has already jumped on as a sort of moral victory, but one that may come up later, if Cisco can successfully overturn the ruling on scènes à faire. Of course, if this case weren't forced to go through CAFC on appeal, it would have been nice to have been able to challenge the question of whether or not there's any copyright on Cisco's CLI at all, but thanks to CAFC's failure to comprehend that an interface is different than software, this is where we are. I fully expect that CAFC will somehow muck up this case too on appeal, but hope to be pleasantly surprised.

from the uphill-battle dept

Back in 2011 we noted how a group of Falun Gong members filed suit against Cisco in San Francisco, alleging that Cisco held some culpability for the Chinese government's crackdown on dissidents, critics, and others. According to the lawsuit at the time, Cisco "competed aggressively" for the contracts to design China's Golden Shield system, "with full knowledge that it was to be used for the suppression of the Falun Gong religion." The full, amended complaint (pdf) accused Cisco CEO John Chambers and two other senior executives of working with the CCP to find, eavesdrop on and track Falun Gong members.

The class action lawsuit leaned on a law known as the Alien Tort Statute, which allows non-US citizens to file human rights abuse claims in Federal court. But in 2014 a California court cited the U.S. Supreme Court's 2013 decision in Kiobel v. Royal Dutch Petroleum Co., -- stating that the Falun Gong members failed to cleanly show evidence that Cisco or its directors were directly tied to the human rights abuses and "interrogation." The court again upheld that point in 2015:

"[T]here are insufficient allegations that defendants obtained a direct benefit from the persecution of Falun Gong practitioners,” Judge Davila said. “While plaintiffs allege that anti-Falun Gong features in the Golden Shield are lucrative to defendants and appealing to the Chinese government, there is no indication that defendants would earn a reduced profit if those features were absent from the Golden Shield system."

Throughout this fight, the Electronic Frontier Foundation has consistently tried to argue that Cisco didn't need to be physically present in China to aid in human rights violations via the use of its systems, designed and constructed in Cisco's offices in San Jose, California. The group has also pointed repeatedly to marketing material and internal documents that show Cisco knew its systems would be used for surveillance and torture, though the EFF's consistently had its amicus briefs (pdf) rejected by the court. In one, the EFF details Cisco acknowledges the construction of:

"Cisco’s conduct is part of a growing trend of U.S. and European technology companies helping repressive governments become highly efficient at committing human rights violations,” said Cope. “We are asking the Ninth Circuit to recognize that victims of such abuses can seek to hold accomplices like Cisco accountable for their role in brutal persecutions."

Attempting to hold Cisco accountable for violating U.S. law while doing business in China is obviously a pretty steep uphill climb. And while many would love to see companies like Cisco held responsible for willfully aiding in the surveillance and torture of a group of people whose biggest crime was compassion, others rightly worry that trying to dictate who companies can and can't do business with is a troubling and ultimately fruitless affair. Still, the case continues to generate an interesting discussion on just where the lines of culpability and liability truly lie.

from the bad-news dept

Well, this is unfortunate. Last fall, we wrote about yet another patent case being heard by the Supreme Court. This one (Commil v. Cisco) involved the question of whether or not a company could be found liable for "inducing infringement" when it believed that the patent in question was clearly invalid. The appeals court (CAFC) had overturned a lower court, saying that it was wrong for a judge to instruct a jury that Cisco could be found guilty of inducing patent infringement if it "knew or should have known that its actions would induce actual infringement." The big question was about the "should have known" part. Cisco argued -- and the CAFC agreed -- that the "should have known" statement created a negligence standard, which is not appropriate in such cases. Further, CAFC rightly pointed out that "one cannot infringe an invalid patent."

Unfortunately, the Supreme Court has now mostly sided with the patent holder Commil, and said that believing a patent is invalid is no defense to an inducement claim in a patent infringement case. The reasoning -- in an opinion by Justice Kennedy -- is basically "infringement and validity are two separate issues." True... but... sorta misses the point. The Court, thankfully, didn't go quite as far as it could have gone in saying that you could induce infringement even without knowledge that something is infringing, but it rejected the idea that a belief the patent was invalid is a "defense" to an inducement claim. All because it insists that validity and infringement are two entirely separate issues.

When infringement is the issue, the validity of the patent is not the question to be confronted.

But this presumption of validity is problematic in any real world scenario, and the ruling doesn't seem to care, focusing on the procedural issues of when certain arguments are made and who has the burden at what point:

To say that an invalid patent cannot be infringed, or that someone cannot be induced to infringe an invalid patent, is in one sense a simple truth, both as a matter of logic and semantics. See M. Swift & Sons, Inc. v. W. H. Coe Mfg. Co., 102 F. 2d 391, 396 (CA1 1939). But the questions courts must address when interpreting and implementing the statutory framework require a determination of the procedures and sequences that the parties must follow to prove the act of wrongful inducement and any related issues of patent validity. “Validity and infringement are distinct issues, bearing different burdens,different presumptions, and different evidence.” 720
F. 3d, at 1374 (opinion of Newman, J.). To be sure, if at the end of the day, an act that would have been an infringement or an inducement to infringe pertains to a patent that is shown to be invalid, there is no patent to be infringed. But the allocation of the burden to persuade on these questions, and the timing for the presentations of the relevant arguments, are concerns of central relevance to the orderly administration of the patent system.

Right. But that means that anyone who is aware of what they know to be an invalid patent would first need to have the patent itself rejected before they can go on with their business, and that creates a huge hurdle to innovation.

But what's interesting is that the Supreme Court then delves into a discussion on the fact that this ruling has a big impact on patent trolling situations. First, from the opinion by Kennedy:

The Court is well aware that an “industry has developed in which firms use patents not as a basis for producing and selling goods but, instead, primarily for obtaining licensing fees.”... Some companies may use patents as a sword to go after defendants for money, even when their claims are frivolous. This tactic is often pursued through demand letters, which“may be sent very broadly and without prior investigation,may assert vague claims of infringement, and may be designed to obtain payments that are based more on the costs of defending litigation than on the merit of the patent claims.” ... This behavior can impose a “harmful tax on innovation.”....

No issue of frivolity has been raised by the parties in this case, nor does it arise on the facts presented to this Court. Nonetheless, it is still necessary and proper to stress that district courts have the authority and responsibility to ensure frivolous cases are dissuaded. If frivolous cases are filed in federal court, it is within the power of the court to sanction attorneys for bringing such suits. Fed. Rule Civ. Proc. 11. It is also within the district court’s discretion to award attorney’s fees to prevailing parties in “exceptional cases.”...

But, in the dissent, Justice Scalia rips into the practice, and (for the first time) calls out patent trolling as patent trolling, and notes that the majority ruling gives more power to patent trolls:

I may add, however, that if the desirability of the rule we adopt were a proper consideration, it is by no means clear that the Court’sholding, which increases the in terrorem power of patent trolls, is preferable.

Scalia also rips apart the arguments in the majority opinion:

Because only valid patents can be infringed, anyone with a good-faith belief in a patent’s invalidity necessarily believes the
patent cannot be infringed. And it is impossible for anyone who believes that a patent cannot be infringed to induce actions that he knows will infringe it. A good-faith belief that a patent is invalid is therefore a defense to induced infringement of that patent.

As for the fact that validity and infringement are different issues, Scalia simply notes:

That is true. It is also irrelevant. Saying that infringement cannot exist without a valid patent does not “conflate the issues of infringement and validity,” ... any more than saying that water cannot exist without oxygen “conflates” water and oxygen. Recognizing that infringement requires validity is entirely consistent with the “long-accepted truth . . . that infringement and invalidity are separate matters under patent law.”

Scalia also trashes the idea that without this ruling it would undermine the presumption of validity. Not so, says Scalia, as it only would matter in cases where, in fact, the patent is not valid.

This presumption is not weakened by treating a good-faith belief in invalidity as a defense to induced infringement. An alleged inducer who succeeds in this defense does not thereby call a patent’s validity into question. He merely avoids liability for a third party’s infringement of a valid patent, in no way undermining that patent’s presumed validity.

Either way, I think Scalia got this one right, and unfortunately the majority of the court went the other way. The Supreme Court had been making a bunch of good rulings on patent law lately, so I guess it was bound to issue a stinker eventually. The overall impact won't be as big as some of the other cases, and I guess it's nice to see that the Supreme Court absolutely recognizes that patent trolling problem, as that will be handy in future cases.

from the basic-understanding dept

Nearly 150 tech companies (including us via the Copia Institute), non-profits and computer security experts have all teamed up to send a letter to President Obama telling him to stop these stupid ideas about backdooring encryption that keeping coming out of his administration. The press headlines will note that big companies -- like Google, Apple, Cisco, Microsoft, Twitter and Facebook -- are signing the letter. But significantly more interesting is the signatures from a huge list of computer security experts, all putting their names down on paper to make it clear what a ridiculously bad idea it is to even think about backdooring encryption. Among those signing on are Phil Zimmermann (who lived through this sort of thing before), Whitfield Diffie (guy who invented public key cryptography), Brian Behlendorf, Ron Rivest, Peter Neumann, Gene Spafford, Bruce Schneier, Matt Blaze, Richard Clarke (long-time counterterrorism guy in the White House), Hal Abelson and many, many more. Basically a who's who of people who actually know what they're talking about.

We urge you to reject any proposal that U.S. companies deliberately weaken the
security of their products. We request that the White House instead focus on
developing policies that will promote rather than undermine the wide adoption of
strong encryption technology. Such policies will in turn help to promote and protect
cybersecurity, economic growth, and human rights, both here and abroad.

Strong encryption is the cornerstone of the modern information economy’s security.
Encryption protects billions of people every day against countless threats—be they street
criminals trying to steal our phones and laptops, computer criminals trying to defraud us,
corporate spies trying to obtain our companies’ most valuable trade secrets, repressive
governments trying to stifle dissent, or foreign intelligence agencies trying to
compromise our and our allies’ most sensitive national security secrets.

Encryption thereby protects us from innumerable criminal and national security threats.
This protection would be undermined by the mandatory insertion of any new
vulnerabilities into encrypted devices and services. Whether you call them “front doors”
or “back doors”, introducing intentional vulnerabilities into secure products for the
government’s use will make those products less secure against other attackers. Every
computer security expert that has spoken publicly on this issue agrees on this point,
including the government’s own experts.

There's much more in the full letter which I highly recommend reading. It very nicely summarizes why this is a completely insane idea, and highlights why anyone raising it should be immediately told to move on to some other project instead:

The Administration faces a critical choice: will it adopt policies that foster a global digital
ecosystem that is more secure, or less? That choice may well define the future of the
Internet in the 21st century. When faced with a similar choice at the end of the last
century, during the so-called “Crypto Wars”, U.S. policymakers weighed many of the
same concerns and arguments that have been raised in the current debate, and correctly
concluded that the serious costs of undermining encryption technology outweighed the
purported benefits. So too did the President’s Review Group on Intelligence and
Communications Technologies, who unanimously recommended in their December 2013
report that the US Government should “(1) fully support and not undermine efforts to
create encryption standards; (2) not in any way subvert, undermine, weaken, or make
vulnerable generally available commercial software; and (3) increase the use of
encryption and urge US companies to do so, in order to better protect data in transit, at
rest, in the cloud, and in other storage.”

The Washington Post quotes another surprising signatory: Paul Rosenzweig, the former Deputy Assistant Secretary for Policy at Homeland Security. If that name sounds familiar, it's because we've quoted his defense of the NSA, once arguing that "too much transparency defeats the very purpose of democracy." If even he is arguing against backdooring encryption, you know it's an idea that should be killed off. In his case, it's because he recognizes the simple reality that seems to have eluded the FBI director:

The signatories include policy experts who normally side with national-security hawks. Paul Rosenzweig, a former Bush administration senior policy official at the Department of Homeland Security, said: “If I actually thought there was a way to build a U.S.-government-only backdoor, then I might be persuaded. But that’s just not reality.”

And the world would be much better off if all of these security experts and companies could focus on better protecting us from harm, rather than having to join in ridiculous debates about what a bunch of clueless bureaucrats think might be some sort of mythical magic unicorn encryption breaker.

from the 1324-Middle-Finger-Extended-Blvd. dept

Cisco became an inadvertent (and very unwilling) co-star in the NSA Antics: Snowden Edition when its logo was splashed across the web by a leaked document detailing the agency's interception of outbound US networking hardware in order to insert surveillance backdoors.

Cisco will ship boxes to vacant addresses in a bid to foil the NSA, security chief John Stewart says.

The dead drop shipments help to foil a Snowden-revealed operation whereby the NSA would intercept networking kit and install backdoors before boxen reached customers…

"We ship [boxes] to an address that's has nothing to do with the customer, and then you have no idea who ultimately it is going to," Stewart says.

"When customers are truly worried ... it causes other issues to make [interception] more difficult in that [agencies] don't quite know where that router is going so its very hard to target - you'd have to target all of them. There is always going to be inherent risk."

Stewart acknowledges that Cisco's modified dead drop shipping operations aren't foolproof, but will at least force the agency to do a little more research before intercepting packages. Stewart also noted that some customers aren't taking any chances, opting to pick up their hardware from Cisco directly.

There are also variables Cisco simply can't control, like the possibility of inbound components from upline manufacturers arriving pre-compromised. But it's doing what it can to ensure that "Cisco" isn't synonymous with "spyware."

Then there's always the possibility that the government may find Cisco's new routing methods to be quasi-fraudulent and force the company to plainly state where each package is actually going. No response has been issued by the ODNI or NSA to this news, and most likely, none will be forthcoming. Any statement on Cisco's fictitious routing would tip its hand.

Cisco's plan makes a lot of assumptions about the NSA's capabilities, most of which aren't particularly sound, but this seems to be more a public display of pique than a surefire way to eliminate most of the NSA's hardware interceptions. It also sends a message to the NSA, one it's been hearing more and more of over the last couple of years: the nation's tech companies aren't your buddies and they're more than a little tired of being unwilling partners in worldwide surveillance.

from the don't-fear-the-investment-bogeyman dept

By now, we've made it pretty clear that while Title II is being portrayed as a big, scary bogeyman by the nation's largest ISPs, it's really only a regulatory burden if you're doing something wrong. And while ISPs like Verizon, Comcast and AT&T have been making the rounds telling anyone who'll listen that Title-II based rules will stifle industry investment, those same ISPs have been not only regulated for years under Title II without problems, but ISPs like Verizon, Charter and Time Warner Cable have also been admitting to investors that's simply not true.

Enter hardware vendors like Sandvine, Cisco, Intel, IBM and Adtran, who last week joined forces to oppose Title-II based net neutrality rules in a letter (pdf) to Congress and the FCC. Even though the investment-bogeyman mantra has been thoroughly debunked by this point, that didn't stop the companies from upping the rhetoric ante -- and proclaiming that Title II will kill the entire economy:

"While many experts have noted the damage Title II could do to network investment, the harm would cascade out far beyond the provision of broadband service because the Internet is now so entwined with our entire economy...Reversing course now by shifting to Title II means that instead of billions of broadband investment driving other sectors of the economy forward, any reduction in this spending will stifle growth across the entire economy. This is not idle speculation or fear mongering. And as some have already warned, Title II is going to lead to a slowdown, if not a hold, in broadband build out, because if you don’t know that you can recover on your investment, you won’t make it."

Except fear mongering is exactly what it is. Wireless voice has always been regulated under Title II, yet wireless has seen an explosion in network investment over the last decade. Verizon's FiOS services are regulated under Title II for tax purposes, and a quick glimpse skyward should illustrate that the sky didn't fall. Meanwhile, to encourage regulatory apathy, the letter perpetuates the boring falsehood that the broadband market has "flourished" under a decade of deregulation regulatory capture, when the lack of competition, high prices, and horrid customer service clearly shows that's not the case.

The network hardware vendors' letter last week was bandied about as proof positive that "tech" companies oppose Title II rules, ignoring, of course, that in this case we're talking specifically about tech companies that stand to profit handsomely from weaker (or no) net neutrality rules.

Much like the ISPs, it's not really Title II hardware vendors oppose. What they oppose are rules that could potentially hamstring the billions that can be made from abusing the incumbent ISP gatekeeper stranglehold over noncompetitive markets, whether that comes in the form of double dipping, erecting arbitrary new tolls, discriminating against competing traffic, or imposing otherwise "creative" new pricing paradigms. After all, if these companies stand to make billions selling the hardware that makes this bad behavior possible, why on Earth would they want net neutrality rules that prohibit it?

from the stupid-this-had-to-happen-in-the-first-place dept

We've written a few times about Rockstar Consortium, a giant patent troll that was created when Microsoft and Apple (and a few others) teamed up to outbid Google, Intel (and a few others) in buying thousands of Nortel patents. Nortel admitted that it had bulked up on many of these patents for defensive measures, but once Nortel went bankrupt they went to the highest bidder (and the bidding went pretty damn high). The winners of the bidding kept a few of the patents for themselves, but then dumped them all into "Rockstar Consortium" which was a new giant patent troll and which, importantly, was not subject to promises that Apple and Microsoft initially made (to avoid antitrust problems) to license the patents under reasonable terms.

Last year, Rockstar launched its massive patent attack on Android, suing basically all the major Android phone makers and Google. While some have argued that big company v. big company patent attacks aren't a form of patent trolling, some of us disagree. This, like most patent trolling, is just trying to extract money from companies and has nothing to do with actual innovation. In the tech world, some have referred to this kind of thing as "privateering" in which a big company puts the patents into a shell company to hide their trolling activity.

Either way, it appears that a settlement of sorts has been reached, with Rockstar Consortium agreeing to sell its patents to RPX (with Google and Cisco picking up much of the bill). RPX is sort of the "good version of Intellectual Ventures." It's a company that collects a bunch of patents with the goal of using those patents for member companies for defensive purposes. Even though RPX has generally been "good," the business model basically lives because of patent trolling. Its very existence is because of all the patent trolling and abuse out there. In this case, though, it's making sure that basically anyone can license these patents under FRAND (fair and reasonable, non-discriminatory) rates. The price being paid is approximately $900 million. While that article points out that this is considerably less than the $4.5 billion Microsoft and Apple paid originally, again, this is only 4,000 of the 6,000 patents, and you have to assume the 2,000 the other companies kept were the really valuable patents.

In short, this is basically Google and Cisco (with some help from a few others) licensing these patents to stop the majority of the lawsuits -- while also making sure that others can pay in as well should they feel threatened. Of course, Microsoft, Apple and the others still have control over the really good patents they kept for themselves, rather than give to Rockstar. And the whole thing does nothing for innovation other than shift around some money.

Cisco's Mark Chandler celebrated the deal as a "common sense" solution. And, it certainly beats all out patent litigation war. But it's still just about moving money around, rather than encouraging innovation. He notes that in settling this as a group, it helps keep things from getting totally out of control:

While we have no quarrel with companies using their patents to stop the copying of differentiating features without permission... the driving up of patent valuations as each side in the war sought to bulk up for battle ended up serving no one other than lawyers and middlemen.

In the end, this is a better solution than years of legal battles. Making this offering open to others (at least for a limited time) is also a better result than might otherwise have been achieved. But it still shows how patents are abused and misused to shake down companies, rather than for any legitimate purpose. And, as Chandler also notes, the real issue still has to come down to fixing the broken patent system:

What is most critical, however, is changing the law to level the playing field and restore a patent system that rewards innovation, not litigation gamesmanship. The chance will come later this spring to enact meaningful patent reform. We will be there as advocates, and hope you will be too.